How cyber-smart is your organization?
I recently participated in a panel discussion about the current state of affairs in public-private information sharing, the Internet of Things, and whether data privacy is dead. For the risk managers and chief information security officers (CISO) attending, there was considerable discussion about the need to share information across organizations and with the federal government to better understand, mitigate and prevent cyber security threats. This is a new and necessary way of thinking, recognizing that “together we are stronger.” This also applies to the workforce within organizations.
Willis Towers Watson recently analyzed and published employee survey results across its database, capturing employee opinions from over 450,000 employees corresponding to a period during which significant data breaches were identified within the companies. We wanted to understand if there were vulnerable aspects of culture in data-breached companies, and compared these opinion scores with global high-performance organizations with the highest levels of favorable opinion in the database.
In comparison with high-performance companies, employees’ opinions in data-breached organizations consistently lag when queried about training. These entities may not place the same emphasis on training needed for their employees’ work. When we consider the increasing, ever-evolving use of technology in work, coupled with a lack of training and talent shortage for work with technology, there is a risk of not having the necessary “Cyber IQ” to safeguard information and handle data appropriately.
ARE YOU CYBER WORK READY?
To create a cyber-smart organization, a learning culture that emphasizes applying acquired skills to business challenges is needed. Breached companies’ inability to create an ongoing learning environment may reflect a lack of emphasis on staying current with emerging business needs and trends. This potentially includes knowledge of how to circumvent attempts to acquire confidential and sensitive data by determined hackers. A closer look by IT workers at the gaps in breached organizations reveals a common theme related to training: inadequate onboarding. For IT staff, onboarding needs to cover the processes and procedures to manage cyber risk given the business environment.
With over 80% of cyber functions anticipating headcount growth and changes to their cyber and IT organization structures, boards, management, CISOs and chief human resources officers are requiring work strategies to define the changing scope and impact of cyber work, and identify emerging skills and talent gaps. Learning and improved collaboration across cyber defense and IT teams is one important step to be cyber work ready. Another key action is to recognize where talent gaps exist due to skill deficits in the market and the extended time to onboard and reach productivity in role. Future digital workers will need to possess technical skills that both advance companies today and are flexible enough to be adapted as the digital environment evolves.
Consider key areas of work that are increasingly important and in high demand with limited talent supply: architecture and engineering (the design of how technology systems and platforms relate), business acumen (effectively partnering with the business for product/service and cyber security integrity), and threat intelligence research (data insights and hypothesis testing). CISOs and business leaders highlight that they need new talent in these areas, and the time to hire and onboard talent has grown; in some cases it can take 12-18 months by the time “productive talent” is in role. Can you afford to have these talent gaps for that long? CISOs, cyber and IT leaders, and HR need to actively manage this deficit and risk by evaluating alternatives to get the work done.
These alternatives may include reconfiguring work and securing talent in hybrid roles that pair IT/cyber/business product, or breaking apart the jobs to look at different resources, such as specialist talent with third-party providers or contracted subject matter experts, or technology itself (artificial intelligence). As talent deficits are addressed, bear in mind the research: whether permanent or an alternative worker type, your organization’s specific onboarding and training programs are an important line of defense in addressing cyber vulnerabilities and achieving resiliency.